Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Splunk - receiving data from univ. forwarder

Posted on 2015-01-11
7
Medium Priority
?
164 Views
Last Modified: 2015-01-25
Hey experts! I am evaluating Splunk for a client. I have deployed the server piece and installed the universal forwarder onto a few Windows servers. I noticed the logs from these servers appeared to not be showing in search results.

I checked the splunkd file and the last line shows a successful connection to the Splunk server. During the install wizard of the univ forwarder, I just accepted the defaults.

Is there a configuration piece I am missing?
0
Comment
Question by:Schuyler Dorsey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543678
FYI the Univ. Forwarder sends the App, System and Security logs by default.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543687
I have an index created for wineventlog and msad. Just accepted defaults for these.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543708
I think I got it. After rebooting the indexer, some logs are appearing in search results. Will monitor to confirm resolution.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 65

Expert Comment

by:btan
ID: 40545874
if you check the output.conf comments, it stated "# You must restart Splunk to enable configurations."

http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Outputsconf

also it stated restart forwarder for some configuration changes.

http://docs.splunk.com/Documentation/Splunk/6.2.1/Forwarding/Deploymentoverview#General_configuration_issues
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 0 total points
ID: 40559577
I fixed this by adjusting my inputs.conf. My stanzas had an error in them.
0
 
LVL 65

Expert Comment

by:btan
ID: 40559710
thanks for sharing hope my post has help though
0
 
LVL 10

Author Closing Comment

by:Schuyler Dorsey
ID: 40569007
Correct answer.
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question